[SOLVED] edit packets before forwarding in a linux router
Hi
I have a Linux box on which I have installed the BIRD router.
My Linux box acts as a router now.
I need to edit the packets before forwarding, specifically editing the Identification field of the IPv4 packet for IP traceback purposes.
How can I perform this?
Any suggestions would be greatly appreciated.
Dear nini09
Many thanks for answering, but can you explain more, and how (a little more help)?
Can I add this functionality to the existing hook in Netfilter, or is it better to add another hook in Netfilter?
If you don't have time to explain more, I will solve my problem alone.
Hi again
I found this function at the http://www.cs.fsu.edu/~baker/devices...inetpeer.h#L42 website:
    static inline __u16 inet_getid(struct inet_peer *p, int more)
Is it logical to modify this function to create our custom IP ID field?
Dear nini09
Maybe this is the last question on this thread.
If I choose a netfilter hook to edit the IP ID, does it have the minimum effect on router performance?
Is there another way to perform similar work with a smaller performance effect than a netfilter hook?
If the NIC supports checksum offload, the effect should be very tiny. But if there is no checksum offload support on the NIC, it could affect performance, because the checksum has to be calculated again after the IP ID is changed.
Yes, the checksum is recalculated after the TTL is decreased. It is an expensive action and can be avoided.
If you can trace the kernel code to find out where the TTL is modified and add your hook before the TTL is changed, your recalculation can be avoided.
Dear nini09
Because in routers the packets must be forwarded and are not destined to the router itself, can I use my netfilter hook
in:
"ip_forward.c" file
in:
"int ip_forward(struct sk_buff *skb)" function
right before the line below?
    return NF_HOOK(PF_INET, NF_IP_FORWARD, skb, skb->dev, rt->u.dst.dev, ip_forward_finish);
Hi again
I have this code, in which I have access to every field of the IP header except the options field.
How can I access the options field, or create an options field and append it to the IP header?
    static unsigned int hook_func(unsigned int hooknum,
                                  struct sk_buff *skb,
                                  const struct net_device *in,
                                  const struct net_device *out,
                                  int (*okfn)(struct sk_buff *))
    {
        struct iphdr *ip_header;
        struct tcphdr *tcp_header;
It is easy to access the IP option field once you have the IP header. The IP options come after the IP header, just shift by 20 bytes.
It is difficult to create a new option. The IP and MAC headers have to be shifted first, and then a new option can be added.
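Added example, not code from any poster in this thread: a userspace C sketch of the two answers above, rewriting the Identification field while keeping the header checksum valid, and finding the options 20 bytes into the header. It patches the checksum incrementally (RFC 1624) instead of recomputing it in full; the function names and the sample header are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed sample header: IHL=6, ID 0x1234, options NOP NOP NOP EOL, checksum 0. */
static const uint8_t SAMPLE[24] = {
    0x46,0x00,0x00,0x18, 0x12,0x34,0x00,0x00, 0x40,0x06,0x00,0x00,
    192,0,2,1, 198,51,100,2, 0x01,0x01,0x01,0x00 };

/* Full RFC 1071 checksum over the header; a valid header yields 0. */
static uint16_t ip_csum(const uint8_t *h, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)(h[i] << 8 | h[i + 1]);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Header length in bytes taken from IHL, or 0 if malformed or truncated. */
static size_t ip_hdr_len(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;
    size_t hl = (size_t)(pkt[0] & 0x0f) * 4;
    return (hl < 20 || hl > len) ? 0 : hl;
}

/* Rewrite Identification (bytes 4-5) and patch the checksum (bytes 10-11)
 * per RFC 1624: HC' = ~(~HC + ~m + m'). Returns 0 on success, -1 on error. */
static int ip_set_id(uint8_t *pkt, size_t len, uint16_t new_id)
{
    if (!ip_hdr_len(pkt, len)) return -1;
    uint16_t old_id = (uint16_t)(pkt[4] << 8 | pkt[5]);
    uint16_t hc = (uint16_t)(pkt[10] << 8 | pkt[11]);
    uint32_t sum = (uint16_t)~hc + (uint32_t)(uint16_t)~old_id + new_id;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    hc = (uint16_t)~sum;
    pkt[4] = (uint8_t)(new_id >> 8);  pkt[5] = (uint8_t)(new_id & 0xff);
    pkt[10] = (uint8_t)(hc >> 8);     pkt[11] = (uint8_t)(hc & 0xff);
    return 0;
}

/* Options follow the 20-byte fixed header; their length is IHL*4 - 20. */
static const uint8_t *ip_options(const uint8_t *pkt, size_t len, size_t *opt_len)
{
    size_t hl = ip_hdr_len(pkt, len);
    *opt_len = hl > 20 ? hl - 20 : 0;
    return *opt_len ? pkt + 20 : NULL;
}
```

Inside a kernel hook the same incremental update is available as `csum_replace2()` on `iph->check`, so a full header checksum pass is not needed for a 16-bit field change.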